CVE-2025-26601

Name
CVE-2025-26601
Description
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-26601
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2345251
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2500
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2502
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2862
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2865
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2874
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2875
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2861
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2866
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2873
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2879
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2880
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7163
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7165
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7458
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20250516-0004/

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 < 21.1.16
shopxo >= 22.0.0 < 24.1.6
cpe:/o:redhat:enterprise_linux:10.0 shopxo >= 0:24.1.5-3.el10_0 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.8.0-36.el7_9 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.20.4-30.el7_9 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.13.1-15.el8_10 < *
cpe:/a:redhat:rhel_aus:8.2::appstream shopxo >= 0:1.9.0-15.el8_2.13 < *
cpe:/a:redhat:rhel_aus:8.4::appstream shopxo >= 0:1.11.0-8.el8_4.12 < *
cpe:/a:redhat:rhel_e4s:8.6::appstream shopxo >= 0:1.12.0-6.el8_6.13 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 0:1.12.0-15.el8_8.12 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.14.1-1.el9_5.1 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:1.20.11-28.el9_6 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:23.2.7-3.el9_6 < *
cpe:/a:redhat:rhel_e4s:9.0::appstream shopxo >= 0:1.11.0-22.el9_0.13 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:1.12.0-14.el9_2.10 < *
cpe:/a:redhat:rhel_eus:9.4::appstream shopxo >= 0:1.13.1-8.el9_4.5 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xorg-server edge-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland edge-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server 3.21-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland 3.21-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed